A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.
|
1. A method comprising:
intercepting, by a proxy server over a network, a data request from a first computing device that is directed to a web server;
modifying the data request to include user profile information;
sending the modified data request to the web server;
sending information to the web server for controlling a manner for how data sent to the web server is cached in the web server;
receiving, by the proxy server, a response from the web server, wherein the response to the proxy server includes information for controlling a manner for how data received from the web server is cached in the proxy server;
caching the data received from the web server in the proxy server; and
sending at least a portion of the cached data from the proxy server to the first computing device.
17. At least one non-transitory computer-readable medium storing computer-readable instructions that, when executed by one or more computing devices, cause at least one of the one or more computing devices to:
intercept over a network a data request from a first computing device that is directed to a web server;
modify the data request to include user profile information;
send the data request to the web server;
send information to the web server for controlling a manner for how data sent to the web server is cached in the web server;
receive a response from the web server, wherein the response includes information for controlling a manner for how data received from the web server is cached;
cache the data received from the web server; and
send at least a portion of the cached data to the first computing device.
9. An apparatus comprising:
one or more processors; and
one or more memories operatively coupled to at least one of the one or more processors and having instructions stored thereon that, when executed by at least one of the one or more processors, cause the apparatus to:
intercept over a network a data request from a first computing device that is directed to a web server;
modify the data request to include user profile information;
send the data request to the web server;
send information to the web server for controlling a manner for how data sent to the web server is cached in the web server;
receive a response from the web server, wherein the response includes information for controlling a manner for how data received from the web server is cached;
cache the data received from the web server, and;
send at least a portion of the cached data to the first computing device.
2. The method of
3. The method of
4. The method of
5. The method of
determining an IP address of the first computing device; and
querying a database to determine an identity associated with the IP address in the database.
6. The method of
7. The method of
8. The method of
10. The apparatus of
11. The apparatus of
12. The apparatus of
13. The apparatus of
determine an IP address of the first computing device; and
query a database to determine an identity associated with the IP address in the database.
14. The apparatus of
15. The apparatus of
16. The apparatus of
18. The at least one non-transitory computer-readable medium of
19. The at least one non-transitory computer-readable medium of
20. The at least one non-transitory computer-readable medium of
|
This application is a continuation of U.S. application Ser. No. 13/786,273 filed Mar. 5, 2013, which is a continuation of U.S. application Ser. No. 13/786,212 filed Mar. 5, 2013, which is a continuation of U.S. application Ser. No. 13/030,986 filed on Feb. 18, 2011 and issued as U.S. Pat. No. 8,713,690, which is a continuation of U.S. application Ser. No. 11/535,056 filed on Sep. 25, 2006 and issued as U.S. Pat. No. 7,895,446, which is a continuation of U.S. application Ser. No. 09/323,415 filed on Jun. 1, 1999 and issued as U.S. Pat. No. 7,146,505. Each of the aforementioned applications and patents are hereby incorporated by reference in their entirety.
After a client computer 111-113 has been connected to the network 120 (through POP 110) it may exchange data with other computers on the network 120. Computers on different networks 120 and 130 also can exchange data with each other by sending their data request to proxy server 117 which, in turn, can forward their request to the destination computer, obtain a response from the destination, and return the response to the requesting computer.
The servers 131-133 and clients 111-113 may communicate with each other using the hypertext transfer protocol (HTTP). HTTP is a data communications protocol that is used by web browser programs (such as Microsoft Internet Explorer and Netscape Navigator) to communicate with web server applications (such as Microsoft Internet Information Server and Netscape Server). Thus, by executing a web browser, a client computer 111-113 can exchange data with a server 131-133 that is executing a web server application.
When a web server receives a HTTP data request from a browser, a web server application, such as a Common Gateway Interface (CGI) script, may be used to query databases, customize responses, and/or perform other processing used to generate a response. The web server application may need data about the client computer, the browser, its user, and/or other data in order to complete its processing of the data request. For example, a web server application may provide customized weather information based on a user's home address. The web application may obtain the user's address information by sending a data input form to the browser and receiving a user's response that contains the needed information. A web server application also may obtain needed data from web server environmental variables that are populated by data in HTTP header fields, by a web server, and/or by a web server sub-component. For example, a CGI script's response to a data request may depend on the type of browser originating the request. The CGI script may access a HTTP environment variable (“HTTP_USER_AGENT”) populated by the web server using data from a “User-Agent” field in a HTTP header. The value of the HTTP_USER_AGENT variable identifies the type of browser originating a request so that the CGI script can customize its response to that browser.
A web server and a browser also may exchange web cookies that contain data. A web cookie is data file that can be automatically exchanged between browsers and servers along with the request and responses exchanged between the browsers and servers. When a web cookie is received by a browser, it can be stored at the client computer. During future transactions with the web server, the web cookie (and any data that it contains) can be sent back to the web server. By using data stored in web cookies, a web server's need to request data from a user may be reduced. However, since web cookies are typically stored on a client computer, they may be deleted and their data lost. Furthermore, if a user moves to another computer, web cookie information stored on the user's original computer will be unavailable to that user. These factors may reduce the utility of web cookies.
The present inventors recognize that information service systems, such as web servers, should provide convenient, secure, reliable, and simple means of interacting with users. The present inventors further recognize when a server must query a user for data or use web cookies for data storage and input, convenience, security, reliability, and simplicity may suffer. Consequently, the invention disclosed herein provides additional means of providing information to a web server application that may provide additional flexibility in implementing information systems.
In general, in one aspect, the invention features a data transfer method performed at a proxy server. The method includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. In another aspect, the invention features a data transfer method performed at an information server. The method includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.
In general, in another aspect, the invention features a computer program residing on a computer-readable medium. The program includes instructions for causing a computer to intercept a data request from a client computer that is directed to a target server, encrypt profile information, augment the data request by adding the encrypted profile information to the data request, and send the augmented data request to the target server. In another aspect, the invention features a computer program residing on a computer-readable medium that includes instructions for causing a computer to receive a data request comprising encrypted profile information that was added to the data request by a proxy server, extract the profile information added by the proxy server, use the extracted profile information to generate a response, and send the response to the proxy server.
In general, in another aspect, the invention features a proxy server that includes a database, a network interface, a processor, and a memory. The database includes records storing user profile information. The network interface operatively couples the proxy server to a network to exchange data with a client computer and with a target server. The processor is operatively coupled to the network interface, the database, and a memory. The memory includes executable instructions for causing the processor to intercept a data request that is directed to a target server, retrieve a record from the database, encrypt profile information in the record, augment the data request by adding the encrypted profile information, and send the augmented data request to the target server
In general, in another aspect, the invention features an information server that includes a network interface, a processor, and a memory. The network interface operatively couples the information server to a proxy server. The processor is operatively coupled to the network interface and to the memory. The memory includes executable instructions for causing the processor to receive a data request from the proxy server, decrypt user profile information added to the data request by the target server; and use the decrypted user profile information to generate a response to the data request.
Implementations may include one or more of the following features. A reference token may be exchanged between servers and used to refer to previously exchanged profile information. The reference token may be placed in subsequent data request sent by the proxy server to the target in place of full profile information. The profile information that is encrypted by the proxy server can be stored in proxy server database records. The particular user profile information encrypted and included in a data request can be selected based on an identity of a client computer user or a browser user. The identity may be determined using the Internet Engineering Task Force IDENT protocol or by using another method.
Implementations also may include one or more of the following features. Profile information may be encrypted at the proxy server using a session key as an encryption key, and may be decrypted at the target server using the same session key. The session key may be determined by the proxy server and sent to the target server using a public key cryptography algorithm and a public key associated with the target server.
A data request may use the hypertext transfer protocol. Profile information extracted from the data request at the target/information server can be provided to a web application, such as a CGI script, that is used to generate a response.
The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Implementations may provide advantages including reduction of redundant data entry, reduction of user data entry errors, secure storage of user data, and automated user profile determination and dissemination. Different encryption keys can be used for different information servers, and each information server may establish characteristics associated with its encryption key. A web site may dynamically generate, maintain, and change its unique encryption key. This may help to minimize risk of replay attacks, message forgery, and message tampering. In addition, implementations may support multiple levels of security.
Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.
Processing of an information request at a information server, such as a web server, can be facilitated by a data transfer mechanism in which data needed to process the request is stored at a proxy server and automatically transferred to the information servers. Such a data transfer mechanism can be used, for example, by an information service provider (ISP) or on-line service provider (OSP) to automatically transfer information about a user (a “user profile”) to affiliated web sites. Referring to
Database 220 may be a local or remote database that can store multiple user profiles. For example, the database 220 may be a database storing user profiles on a hard disk directly connected to the proxy server 202, or the database may be a SQL database at a remote system and accessed over a TCP/IP connection. Still other database 220 implementations may be used. Each user profile may be associated with a particular user or group of users. A user profile may be selected from the database 220 based on the identifying information associated with a particular computer or user of that computer. To determine the user's identity, a proxy server may use a table or database that associates user identity information with network connection information. For example, referring to
When the proxy server 202 has identified the user (step 402), the proxy server can retrieve a user profile associated with that user from its database 220. The proxy server may then add HTTP fields containing user profile information to fields in the original HTTP request 211 (step 403). For example, header fields 304-305 may be added to the original header fields 301-303 from request 211. Field 304 may include unencrypted user profile data (“UserName=John_Doe, ZipCode=60609, ParentalControl=YoungTeen), while field 305 may include encrypted user profile data. Encryption of data in the field 305 may use the SecureData protocol (explained later). The proxy server thereby forms the modified HTTP request 212 containing the user profile data. The modified request 212 may then be forwarded by the proxy server for receipt at a web site (steps 404 and 421).
Particular web servers may or may not be configured to recognize the user profile data fields 304-305. A web server that is not configured to recognize the user profile fields 304-305 may ignore the fields. A web server that is configured to recognize the user profile fields 304-305 can extract the profile data from the field 304-305 (steps 422 and 424). Extraction of user profile data in the field 305 may include decryption of the user profile data in encrypted field 305. The extracted user profile data can be used, for example, to generate or customize data sent in response 213 to the proxy server for forwarding as a response 214 to a user or client computer (step 425). For example, a tourist information web server may customize a page based user profile data specifying a browser user's age, and interest. If a web server looks for a user profile field 304-305 in the request 212, and the user profile field is not present, the server may use “traditional” data input mechanisms (such as forms and web cookies) to obtain needed data from a user (step 422-423). After the necessary data is obtained, the web server 203 can generate a response (step 425).
Exchange of user profile data between a proxy server 202 and a web server 203 may implemented using custom filtering software (“proxy data exchange filter” software) that can be added to commercially available proxy and web site server software. For example, Microsoft Internet Information Server (IIS) provides an application programming interface known as the information server application programming interface (ISAPI) that allows custom filtering software to be added to an ITS web site. A Netscape web site server provides an application programming interface known as the Netscape server application programming interface (NSAPI) that may also be used to develop custom filtering software. When a request 212 from the proxy server 203 is received at an IIS or Netscape server web site, the request 212 is passed to the proxy data exchange filter by the IIS or Netscape server software and the user profile data is extracted from the headers 304-305. The extracted profile data may then be made available as HTTP environment variables, database entries, or other data exchange structures that can be used by web applications. The remaining header information in request 212 (e.g., the original information from request 211), may then be processed by the web server to obtain response 213 information.
A proxy server 202 and web server 203 may implement the SecureData protocol (described below) to encrypt user profile data. Encrypted user profile data may be indicated by a special HTTP header. For example, the field name “User-Profile-SecureData” in field 305 indicates that the field value segment of field 305 contains encrypted profile data.
The SecureData protocol uses multiple cryptography algorithms to provide secure user profile data transfers between a proxy server 202 and a web server 203. For example, the SecureData protocol may use the Rivest, Shamir, Adelman (RSA) public key encryption algorithm or the pretty-good-privacy (PGP) public key cryptography algorithm along with the RSA RC4 symmetric encryption algorithm. Additional information on the RC4 algorithm can be found, for example, in Applied Cryptography, 2nd edition, By Bruce Schneier, John Wiley & Sons, 1996.
User profile information may be encrypted at proxy server 202 using a symmetric encryption algorithm. A symmetric encryption algorithm, such as the RSA RC4 algorithm, uses the same encryption key (referred to herein as a “session” key) to encrypt and decrypt data. The proxy server 202 may encrypt user profile data and place it in a HTTP field in request message 212. The proxy server 202 can also separately encrypt the session key using a public key cryptography algorithm and the public key of the web server 203. The public key encrypted session key may also be placed in the request message 212, or may be sent separately to the web server 203. When the web server 203 has received the encrypted session key and user profile data, the web server 203 can decrypt its session key by using the public key cryptography algorithm and the web server's private key. The web server 203 may then decrypt the user profile information using the decrypted session key.
Referring to
If the proxy server 502 does not have a valid public key for web server 503, the proxy server will obtain the public key from the web server 503 using a HTTP request 512. The request 512 includes a URL that identifies a public key file (“pub_key_file”) stored on the server 503. The public key file may include additional information used by the proxy server 502. For example, the public key file may include the length of the public key, a SecureData protocol version number, a list of supported encryption algorithms, and shortcut configuration information (“shortcut” information is further explained, below).
An exemplary public key may have the format shown below (chevrons ‘<’ and ‘>’ delineate fields in the public key file and brackets ‘[’ and ‘]’ delineate optional information):
Exemplary Public Key File
<public key = length-of-key key>
[<Version = SecureData protocol version number>]
[<crypto = <encryption method>]
[<shortcut =[none|low|med|high|max]>]
The web server's public key file is returned to the proxy server 503 in a HTTP response 513. The web server 503 may provide additional SecureData protocol information in HTTP fields of response 513 and/or in the public key file returned by the response message 513. For example, HTTP fields in response 513 may specify a time to live (TTL) for the key. The TTL value can be used to indicate the period during which the public key is valid.
A proxy server 502 or web server 503 may check a SecureData protocol version number returned in the public key file, in request 512 and/or in response 513 to ensure that the protocol is functioning properly and to recover from or to avoid errors. For example, if a proxy server 502 detects that protocol versions numbers in a retrieved public key file and those in a header of a response 513 do not match, the proxy server may re-submit the request 512 to the server 503. When the request 512 is re-submitted, the proxy server 502 can include the HTTP “no-cache” pragma to instruct caching systems between the proxy 502 and the web server 503 not to use cached data. This may help avoid errors introduced by using stale cached data. When the proxy server 502 has received the web server's public key, it may cache the public key subject to a time-to-live (TTL) value specified by the web server 503 and/or the proxy server's own TTL policies.
If the proxy server 502 is unable to retrieve a web server's public key information or the public key information is otherwise unusable, the proxy server can add a problem report information to fields in a HTTP request 514 to indicate why the public key information is unusable. For example, the proxy server may indicate that the key information has been corrupted or a protocol version number or encryption level specified in the public key file is not supported. If the a web server's public key information is unusable and, consequently, the SecureData encryption protocol cannot be used, a proxy server may continue to forward the HTTP requests from browser clients to the web server without adding additional SecureData proxy headers. Alternatively the proxy server may block or otherwise filter request to the web server. The specific behavior may be defined on a per-web server basis using configuration information stored at the proxy server 502.
Once the proxy server 502 has the public key of web server 503, the proxy server can use the public key to encrypt session key data. The encrypted session key data may then be added to HTTP fields in the request from a browser or client computer 511 to form a modified request 514 that includes the public-key-encrypted session key information. The proxy server also can encrypt the user profile data using the session key information and a symmetric encryption algorithm and place the encrypted user profile data in HTTP fields in the modified request 514. For example, referring to
Different web server's or groups of web servers can have different session keys. A web server's session key may be formed by combining a “master” session key that is the same for a group of web servers with a key mask that can be used to create a unique session key for a web server or a group of web servers. For example, a 64-bit master session key may be combined with a 64-bit key mask using an exclusive-or (‘XOR’) operation, to yield a unique 64-bit session key. In some implementations, the master session key may be the proxy server's public key. Other methods of generating unique keys can be used. The session key data can in field 305 (e.g., “session=a3f792b210dafad”) can include numerous sub-fields. For example, the session key data can include a master key, a key mask, a timestamp, a URL hash, a Proxy IP field, and an encoding scheme field. These fields can contain the following data:
The proxy server 502 can use a web server's unique session key to encrypt user profile data that is add it to the field 305. In some implementations, the user profile data may be placed in one or more additional fields. The request 514, now containing the public-key encrypted session data and the symmetric encrypted user profile data, is then sent to web server 503.
When request 514 is received by the web server 503, the request can be passed to proxy data exchange filter software that can extract the added fields 304-205 from the request 514, decrypt the session key and the user profile information contained in the fields 304-205, and make the user profile information available to web server applications. The user profile information may be made available to web server applications by setting HTTP environment variables, by storing it in a database, by placing it in shared memory, and/or using other data exchange techniques. The proxy data exchange filter software may then pass the request 514 back to the web server for further processing and for generation of a response 515.
The web server 503 can store received profile data in a local database for future request processing purposes. The web server 503 may return a shortcut token to the proxy server 502. The proxy server 502 may add the shortcut token to a subsequent request 518 in place of the ‘full’ user profile data sent in the request 514. This can be used to reduce the amount of data that needs be transferred in subsequent request 518. A shortcut token can be an index value, database query information, file name, other pointer data, or an arbitrary value generated by the web site 503 and used to reference the stored user profile data.
A web server's public key file may be sent to the proxy server 502 using a security level specified by the site 503. For example, a web site's public key file include data indicating that the web site will use a specified one of the following shortcut key security levels:
At low, medium, high, and max security levels, the shortcut token and related security data can be sent in encrypted form using, for example, the proxy server's public key (which may be the master key value). Shortcut token security levels may also be indicated using HTTP fields in a response 513 or 515, or may be specified using data stored in a configuration database at the proxy server 513 using a data entry terminal.
A proxy server 502 or web server 503 may include other HTTP fields in a request 512, 514, 518 or in a response 513, 515, 519 to control user profile data transfers and/or the operation of the SecureData protocol. For example, HTTP fields in requests and/or responses may specify the following directives:
The invention may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them. Apparatus of the invention may be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a programmable processor; and method steps of the invention may be performed by a programmable processor executing a program of instructions to perform functions of the invention by operating on input data and generating output. The invention may advantageously be implemented in one or more computer programs that are executable on a programmable system including at least one programmable processor coupled to receive data and instructions from, and to transmit data and instructions to, a data storage system, at least one input device, and at least one output device. Each computer program may be implemented in a high-level procedural or object-oriented programming language, or in assembly or machine language if desired; and in any case, the language may be a compiled or interpreted language. Suitable processors include, by way of example, both general and special purpose microprocessors. Generally, a processor will receive instructions and data from a read-only memory and/or a random access memory. Storage devices suitable for tangibly embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, such as EPROM, EEPROM, and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM disks. Any of the foregoing may be supplemented by, or incorporated in, specially-designed ASICs (application-specific integrated circuits).
A number of embodiments of the present invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. For example, server, proxy, and client protocols need not use the HTTP protocol. Alternate protocols and data formats may be used such as file transfer protocol (FTP) or network news transfer protocol (NNTP). Accordingly, other embodiments are within the scope of the following claims.
Harada, Larry T., Dolecki, Mark A., Purdum, Christopher S, Hendren, III, C. Hudson
Patent | Priority | Assignee | Title |
Patent | Priority | Assignee | Title |
4238853, | Dec 05 1977 | International Business Machines Corporation | Cryptographic communication security for single domain networks |
4578530, | Jun 24 1981 | VISA U S A , INC A DE CORP | End-to-end encryption system and method of operation |
5245656, | Sep 09 1992 | TTI Inventions C LLC | Security method for private information delivery and filtering in public networks |
5586260, | Feb 12 1993 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms |
5590197, | Apr 04 1995 | SSL SERVICES LLC | Electronic payment system and method |
5671279, | Nov 13 1995 | Meta Platforms, Inc | Electronic commerce using a secure courier system |
5673322, | Mar 22 1996 | RAKUTEN, INC | System and method for providing protocol translation and filtering to access the world wide web from wireless or low-bandwidth networks |
5678041, | Jun 06 1995 | Cooper Union for the Advancement of Science and Art | System and method for restricting user access rights on the internet based on rating information stored in a relational database |
5708780, | Jun 07 1995 | Soverain IP, LLC | Internet server access control and monitoring systems |
5740252, | Oct 13 1995 | WYTHAM TECHNOLOGIES LLC | Apparatus and method for passing private demographic information between hyperlink destinations |
5740361, | Jun 03 1996 | Cranberry Properties, LLC | System for remote pass-phrase authentication |
5754938, | Nov 29 1994 | Pinpoint Incorporated | Pseudonymous server for system for customized electronic identification of desirable objects |
5757925, | Jul 23 1996 | SUN MICROSYSTEMS, INC , A CORP OF DELAWARE | Secure platform independent cross-platform remote execution computer system and method |
5764890, | Dec 13 1994 | Microsoft Technology Licensing, LLC | Method and system for adding a secure network server to an existing computer network |
5802320, | May 18 1995 | Sun Microsystems, Inc | System for packet filtering of data packets at a computer network interface |
5805803, | May 13 1997 | Uber Technologies, Inc | Secure web tunnel |
5812769, | Sep 20 1995 | TWINTECH E U II, LIMITED LIABILITY COMPANY | Method and apparatus for redirecting a user to a new location on the world wide web using relative universal resource locators |
5815665, | Apr 03 1996 | Microsoft Technology Licensing, LLC | System and method for providing trusted brokering services over a distributed network |
5818446, | Nov 18 1996 | International Business Machines Corporation; IBM Corporation | System for changing user interfaces based on display data content |
5825890, | Aug 25 1995 | Meta Platforms, Inc | Secure socket layer application program apparatus and method |
5826025, | Sep 08 1995 | Oracle America, Inc | System for annotation overlay proxy configured to retrieve associated overlays associated with a document request from annotation directory created from list of overlay groups |
5826242, | Oct 06 1995 | Meta Platforms, Inc | Method of on-line shopping utilizing persistent client state in a hypertext transfer protocol based client-server system |
5845070, | Dec 18 1996 | GUYZAR LLC | Security system for internet provider transaction |
5845300, | Jun 05 1996 | Microsoft Technology Licensing, LLC | Method and apparatus for suggesting completions for a partially entered data item based on previously-entered, associated data items |
5848396, | Apr 26 1996 | Conversant, LLC | Method and apparatus for determining behavioral profile of a computer user |
5855008, | Dec 11 1995 | MYPOINTS COM, INC | Attention brokerage |
5889956, | Jul 18 1996 | FUJITSU LIMITED, A JAPANESE CORPORATION | Hierarchical resource management with maximum allowable allocation boundaries |
5892761, | Oct 31 1995 | Meta Platforms, Inc | Method and apparatus for routing data in collaborative computing system |
5905872, | Nov 05 1996 | AT&T Corp | Method of transferring connection management information in world wideweb requests and responses |
5908469, | Feb 14 1997 | GOOGLE LLC | Generic user authentication for network computers |
5933827, | Sep 25 1996 | International Business Machines Corporation | System for identifying new web pages of interest to a user |
5941954, | Oct 01 1997 | Oracle America, Inc | Network message redirection |
5944794, | Sep 30 1994 | Kabushiki Kaisha Toshiba | User identification data management scheme for networking computer systems using wide area network |
5960411, | Sep 12 1997 | AMAZON COM, INC | Method and system for placing a purchase order via a communications network |
5961593, | Jan 22 1997 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | System and method for providing anonymous personalized browsing by a proxy system in a network |
5974398, | Apr 11 1997 | TWITTER, INC | Method and apparatus enabling valuation of user access of advertising carried by interactive information and entertainment services |
5978799, | Jan 30 1997 | TUMBLEWEED HOLDINGS LLC | Search engine including query database, user profile database, information templates and email facility |
5987454, | Jun 09 1997 | Red Hat, Inc | Method and apparatus for selectively augmenting retrieved text, numbers, maps, charts, still pictures and/or graphics, moving pictures and/or graphics and audio information from a network resource |
5991735, | Apr 26 1996 | Conversant, LLC | Computer program apparatus for determining behavioral profile of a computer user |
5991795, | Apr 18 1997 | PANASONIC ELECTRIC WORKS CO , LTD | Communication system and methods using dynamic expansion for computer networks |
5991810, | Aug 01 1997 | RPX Corporation | User name authentication for gateway clients accessing a proxy cache server |
6029175, | Oct 26 1995 | Teknowledge Corporation | Automatic retrieval of changed files by a network software agent |
6038598, | Feb 23 1998 | Intel Corporation | Method of providing one of a plurality of web pages mapped to a single uniform resource locator (URL) based on evaluation of a condition |
6041357, | Feb 06 1997 | TUMBLEWEED HOLDINGS LLC | Common session token system and protocol |
6047376, | Oct 18 1996 | TOSHIBA INFORMATION SYSTEMS JAPAN | Client-server system, server access authentication method, memory medium stores server-access authentication programs, and issuance device which issues the memory medium contents |
6049821, | Jan 24 1997 | Google Technology Holdings LLC | Proxy host computer and method for accessing and retrieving information between a browser and a proxy |
6049877, | Jul 16 1997 | International Business Machines Corporation; International Business Machines Corp | Systems, methods and computer program products for authorizing common gateway interface application requests |
6052785, | Nov 21 1997 | CLOUD SOFTWARE GROUP SWITZERLAND GMBH | Multiple remote data access security mechanism for multitiered internet computer networks |
6073175, | Apr 27 1998 | International Business Machines Corporation | Method for supporting different service levels in a network using web page content information |
6081900, | Mar 16 1999 | MICRO FOCUS SOFTWARE INC | Secure intranet access |
6092053, | Oct 07 1998 | PayPal, Inc | System and method for merchant invoked electronic commerce |
6092196, | Nov 25 1997 | RPX CLEARINGHOUSE LLC | HTTP distributed remote user authentication system |
6092204, | Oct 01 1996 | AT&T Corp | Filtering for public databases with naming ambiguities |
6105027, | Mar 10 1997 | DROPBOX, INC | Techniques for eliminating redundant access checking by access filters |
6112212, | Sep 15 1997 | The Pangea Project LLC | Systems and methods for organizing and analyzing information stored on a computer network |
6112227, | Aug 06 1998 | Meta Platforms, Inc | Filter-in method for reducing junk e-mail |
6119098, | Oct 14 1997 | PATRICE D GUYOT; LAURENT GAUTIER | System and method for targeting and distributing advertisements over a distributed network |
6128627, | Apr 15 1998 | R2 SOLUTIONS LLC | Consistent data storage in an object cache |
6128663, | Feb 11 1997 | WORLDWIDE CREATIVE TECHNIQUES, INC | Method and apparatus for customization of information content provided to a requestor over a network using demographic information yet the user remains anonymous to the server |
6131095, | Dec 11 1996 | Comcast IP Holdings I, LLC | Method of accessing a target entity over a communications network |
6138162, | Feb 11 1997 | Mercury Kingdom Assets Limited | Method and apparatus for configuring a client to redirect requests to a caching proxy server based on a category ID with the request |
6141010, | Jul 17 1998 | B E TECHNOLOGY, LLC | Computer interface method and apparatus with targeted advertising |
6144996, | May 13 1998 | PALO ALTO NETWORKS, INC | Method and apparatus for providing a guaranteed minimum level of performance for content delivery over a network |
6151686, | Jun 06 1997 | FMR LLC | Managing an information retrieval problem |
6161145, | May 08 1997 | International Business Machines Corporation | Updating server-related data at a client |
6178411, | May 28 1996 | Pitney Bowes Inc | Interactive process for applying or printing information on letters or parcels |
6178441, | Sep 21 1998 | International Business Machines Corporation | Method and system in a computer network for the reliable and consistent ordering of client requests |
6182141, | Dec 20 1996 | Intel Corporation | Transparent proxy server |
6195681, | Feb 07 1997 | ABOUT, INC | Guide-based internet directory system and method |
6212563, | Oct 01 1998 | Hewlett Packard Enterprise Development LP | Method and system for setting and managing externally provided internet protocol addresses using the dynamic host configuration protocol |
6212640, | Mar 25 1999 | Oracle America, Inc | Resources sharing on the internet via the HTTP |
6223215, | Sep 22 1998 | Sony Corporation; Sony Electronics INC | Tracking a user's purchases on the internet by associating the user with an inbound source and a session identifier |
6226752, | May 11 1999 | Oracle America, Inc | Method and apparatus for authenticating users |
6243864, | Jul 17 1997 | SOCIONEXT INC | Compiler for optimizing memory instruction sequences by marking instructions not having multiple memory address paths |
6253202, | Sep 18 1998 | Oracle International Corporation | Method, system and apparatus for authorizing access by a first user to a knowledge profile of a second user responsive to an access request from the first user |
6253326, | May 29 1998 | ACCESS CO , LTD | Method and system for secure communications |
6272492, | Nov 21 1997 | International Business Machines Corporation | Front-end proxy for transparently increasing web server functionality |
6272631, | Jun 30 1997 | Microsoft Technology Licensing, LLC | Protected storage of core data secrets |
6286043, | Aug 26 1998 | International Business Machines Corp. | User profile management in the presence of dynamic pages using content templates |
6286046, | Dec 22 1997 | International Business Machines Corporation | Method of recording and measuring e-business sessions on the world wide web |
6289462, | Sep 28 1998 | GENERAL DYNAMICS ADVANCED INFORMATION SYSTEMS, INC; GENERAL DYNAMICS MISSION SYSTEMS, INC | Trusted compartmentalized computer operating system |
6298380, | Jul 31 1997 | Cisco Technology, Inc. | Method and apparatus for reducing overhead on a proxied connection |
6308216, | Nov 14 1997 | International Business Machines Corporation | Service request routing using quality-of-service data and network resource information |
6314565, | May 19 1997 | Intervu, Inc | System and method for automated identification, retrieval, and installation of multimedia software components |
6321336, | |||
6324585, | Nov 19 1998 | Cisco Technology, Inc | Method and apparatus for domain name service request resolution |
6330561, | Jun 26 1998 | AT&T Corp | Method and apparatus for improving end to end performance of a data network |
6330588, | Dec 21 1998 | Philips Electronics North America Corporation | Verification of software agents and agent activities |
6357010, | Feb 17 1998 | JPMORGAN CHASE BANK, N A ; MORGAN STANLEY SENIOR FUNDING, INC | System and method for controlling access to documents stored on an internal network |
6360270, | Nov 16 1998 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Hybrid and predictive admission control strategies for a server |
6373950, | Jun 17 1996 | Hewlett Packard Enterprise Development LP | System, method and article of manufacture for transmitting messages within messages utilizing an extensible, flexible architecture |
6385592, | Aug 20 1996 | Mineral Lassen LLC | System and method for delivering customized advertisements within interactive communication systems |
6389460, | May 13 1998 | PALO ALTO NETWORKS, INC | Method and apparatus for efficient storage and retrieval of objects in and from an object storage device |
6389462, | Dec 16 1998 | Alcatel Lucent | Method and apparatus for transparently directing requests for web objects to proxy caches |
6393407, | Sep 11 1997 | ANDREAS ACQUISITION LLC | Tracking user micro-interactions with web page advertising |
6415322, | Feb 27 1998 | BEH Investments LLC | Dual/blind identification |
6418471, | Oct 06 1997 | NCR Voyix Corporation | Method for recording and reproducing the browsing activities of an individual web browser |
6421781, | Apr 30 1998 | Unwired Planet, LLC | Method and apparatus for maintaining security in a push server |
6434608, | Feb 26 1999 | CISCO TECHNOLOGY,INC | Methods and apparatus for caching network traffic |
6438125, | Jan 22 1999 | RPX CLEARINGHOUSE LLC | Method and system for redirecting web page requests on a TCP/IP network |
6438592, | Feb 25 1998 | RPX Corporation | Systems for monitoring and improving performance on the world wide web |
6438652, | Oct 09 1998 | International Business Machines Corporation | Load balancing cooperating cache servers by shifting forwarded request |
6460081, | May 19 1999 | Qwest Communications International Inc | System and method for controlling data access |
6460141, | Oct 28 1998 | EMC IP HOLDING COMPANY LLC | Security and access management system for web-enabled and non-web-enabled applications and content on a computer network |
6466970, | Jan 27 1999 | Adobe Inc | System and method for collecting and analyzing information about content requested in a network (World Wide Web) environment |
6487538, | Nov 16 1998 | ConneXus Corporation | Method and apparatus for local advertising |
6487592, | Apr 09 1999 | RPX CLEARINGHOUSE LLC | Method and apparatus providing a cable modem management and provisioning system |
6490602, | Jan 15 1999 | ZARBAÑA DIGITAL FUND LLC | Method and apparatus for providing enhanced functionality to product webpages |
6516000, | Oct 31 1995 | Lucent Technologies Inc. | Communications system for transmission of datagram packets over connection-oriented networks |
6532493, | Oct 29 1998 | Cisco Technology, Inc. | Methods and apparatus for redirecting network cache traffic |
6564243, | Sep 14 1998 | ADWISE LTD | Method and system for injecting external content into computer network interactive sessions |
6571295, | Jan 31 1996 | Open Invention Network, LLC | Web page annotating and processing |
6587836, | Sep 26 1997 | Verizon Patent and Licensing Inc | Authentication and entitlement for users of web based data management programs |
6606643, | Jan 04 2000 | GOOGLE LLC | Method of automatically selecting a mirror server for web-based client-host interaction |
6606657, | Jun 22 1999 | Mavenir LTD | System and method for processing and presenting internet usage information |
6606663, | Sep 29 1998 | UNWIRED PLANET IP MANAGER, LLC; Unwired Planet, LLC | Method and apparatus for caching credentials in proxy servers for wireless user agents |
6606708, | Sep 26 1997 | Verizon Patent and Licensing Inc | Secure server architecture for Web based data management |
6615258, | Nov 01 1997 | Verizon Patent and Licensing Inc | Integrated customer interface for web based data management |
6640242, | Jan 29 1999 | Microsoft Technology Licensing, LLC | Voice access through a data-centric network to an integrated message storage and retrieval system |
6651095, | Dec 14 1998 | International Business Machines Corporation | Methods, systems and computer program products for management of preferences in a heterogeneous computing environment |
6687732, | Sep 28 1998 | R2 SOLUTIONS LLC | Adaptive traffic bypassing in an intercepting network driver |
6687746, | Aug 30 1999 | FAR NORTH PATENTS, LLC | System apparatus and method for hosting and assigning domain names on a wide area network |
6718390, | Jan 05 1999 | Cisco Technology, Inc | Selectively forced redirection of network traffic |
6735631, | Feb 10 1998 | Sprint Communications Company, L.P.; BALL, HARLEY R SPRINT COMMUNICATIONS COMPANY,L P | Method and system for networking redirecting |
6760746, | Aug 31 2000 | MEC MANAGEMENT, LLC | Method, product, and apparatus for processing a data request |
6766454, | Apr 08 1997 | Malikie Innovations Limited | System and method for using an authentication applet to identify and authenticate a user in a computer network |
6769019, | Dec 10 1997 | CONSENDA, INC | Method of background downloading of information from a computer network |
6775687, | Oct 12 1999 | SNAP INC | Exchanging supplemental information fields between a client and a server |
6944669, | Oct 22 1999 | Meta Platforms, Inc | Sharing the personal information of a network user with the resources accessed by that network user |
7103018, | Apr 28 1998 | Nokia Technologies Oy | Method of and a network for handling wireless session protocol (WSP) sessions |
7130885, | Sep 05 2000 | METRICSTREAM, INC | Methods and apparatus providing electronic messages that are linked and aggregated |
7146505, | Jun 01 1999 | Meta Platforms, Inc | Secure data exchange between date processing systems |
7225249, | Sep 26 1997 | Verizon Patent and Licensing Inc | Integrated systems for providing communications network management services and interactive generating invoice documents |
7272639, | Jun 07 1995 | Soverain IP, LLC | Internet server access control and monitoring systems |
7275086, | Jul 01 1999 | Intellisync Corporation | System and method for embedding a context-sensitive web portal in a computer application |
7343351, | Aug 31 1999 | Liberty Peak Ventures, LLC | Methods and apparatus for conducting electronic transactions |
7401115, | Oct 23 2000 | Meta Platforms, Inc | Processing selected browser requests |
7895446, | Jun 01 1999 | Meta Platforms, Inc | Secure data exchange between data processing systems |
7966259, | Dec 09 1999 | Amazon Technologies, Inc | System and methods for facilitating transactions on, and personalizing web pages of, third party web sites |
7996460, | Oct 22 1999 | Meta Platforms, Inc | Processing selected browser requests |
8539023, | Oct 22 1999 | Meta Platforms, Inc | Processing selected browser requests |
8688777, | Oct 22 1999 | Meta Platforms, Inc | Processing selected browser requests |
8688778, | Oct 22 1999 | Meta Platforms, Inc | Processing browser requests based on trap lists |
8694581, | Oct 22 1999 | Meta Platforms, Inc | Modifying browser requests to track browsing activities |
8713690, | Jun 01 1999 | Meta Platforms, Inc | Secure data exchange between data processing systems |
8713694, | Jun 01 1999 | Meta Platforms, Inc | Secure data exchange for processing requests |
8713695, | Jun 01 1999 | Meta Platforms, Inc | Processing data using information embedded in a data request |
8751790, | Jun 01 1999 | Meta Platforms, Inc | Secure data exchange based on request destination |
20010023436, | |||
20010039587, | |||
20010047484, | |||
20020052935, | |||
20020059402, | |||
20020087559, | |||
20020089958, | |||
20030009430, | |||
20030036974, | |||
20050240992, | |||
20060047847, | |||
20060095526, | |||
20080201344, | |||
20130179677, | |||
20130191905, | |||
EP848338, | |||
EP855659, | |||
EP893920, | |||
JP1131126, | |||
JP9114783, | |||
WO79432, | |||
WO143033, | |||
WO9715885, | |||
WO9831155, | |||
WO9833130, | |||
WO9836522, | |||
WO9843150, | |||
WO9845793, | |||
WO9858334, | |||
WO9900958, | |||
WO9900960, | |||
WO9903243, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
May 07 1999 | HENDREN III, C HUDSON | AMERICA ONLINE, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 034922 | /0730 | |
May 10 1999 | HARADA, LARRY T | AMERICA ONLINE, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 034922 | /0730 | |
May 26 1999 | DOLECKI, MARK A | AMERICA ONLINE, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 034922 | /0730 | |
May 26 1999 | PURDUM, CHRISTOPHER S | AMERICA ONLINE, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 034922 | /0730 | |
Apr 03 2006 | AMERICA ONLINE, INC | AOL LLC | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 034925 | /0085 | |
Dec 04 2009 | AOL LLC | AOL Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 034922 | /0796 | |
Jun 14 2012 | AOL Inc | Facebook, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 034925 | /0115 | |
Dec 30 2014 | Facebook, Inc. | (assignment on the face of the patent) | / | |||
Oct 28 2021 | Facebook, Inc | Meta Platforms, Inc | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 058961 | /0436 |
Date | Maintenance Fee Events |
Nov 27 2019 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Nov 23 2023 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Date | Maintenance Schedule |
Jun 07 2019 | 4 years fee payment window open |
Dec 07 2019 | 6 months grace period start (w surcharge) |
Jun 07 2020 | patent expiry (for year 4) |
Jun 07 2022 | 2 years to revive unintentionally abandoned end. (for year 4) |
Jun 07 2023 | 8 years fee payment window open |
Dec 07 2023 | 6 months grace period start (w surcharge) |
Jun 07 2024 | patent expiry (for year 8) |
Jun 07 2026 | 2 years to revive unintentionally abandoned end. (for year 8) |
Jun 07 2027 | 12 years fee payment window open |
Dec 07 2027 | 6 months grace period start (w surcharge) |
Jun 07 2028 | patent expiry (for year 12) |
Jun 07 2030 | 2 years to revive unintentionally abandoned end. (for year 12) |